Merge pull request #373 from softwareone-platform/bp-sync-661c043

⚠️ Sync upstream/integration (661c043) -> release/4 2026-03-10 (deployment changes present)

Author: michal-zielonka

.github/CODEOWNERS

@@ -1,7 +1,8 @@
-# Frontend only for ngui
+# Frontend
 ngui/             @hystax/ui
+jira_ui/          @hystax/ui
 
-# Backend for other directories
+# Backend
 auth/             @hystax/backend
 bi_exporter/      @hystax/backend
 bumischeduler/    @hystax/backend
@@ -13,7 +14,6 @@ gemini/           @hystax/backend
 herald/           @hystax/backend
 insider/          @hystax/backend
 jira_bus/         @hystax/backend
-jira_ui/          @hystax/backend
 katara/           @hystax/backend
 keeper/           @hystax/backend
 metroculus/       @hystax/backend

.github/workflows/auto-assign-author.yml

@@ -1,25 +1,58 @@
-name: Auto-assign PR author
-
-on:
-  pull_request:
-    types: [opened, reopened]
-
-jobs:
-  auto-assign:
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-
-    steps:
-      - name: Assign PR author
-        uses: actions/github-script@v8
-        with:
-          script: |
-            const reporter = context.actor
-            await github.rest.issues.addAssignees({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: context.payload.pull_request.number,
-              assignees: [reporter]
-            })
-
+name: Auto-assign PR author
+
+on:
+  pull_request:
+    types: [opened, reopened]
+
+jobs:
+  auto-assign:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      issues: write  # Required because assignees API works via issues 
+      contents: read # Minimal read access to repository contents
+
+    steps:
+      - name: Assign PR author
+        uses: actions/github-script@v8
+        with:
+          script: |
+            // Repository owner (organization or user who owns the repo)
+            const owner = context.repo.owner;
+
+            // Repository name
+            const repo = context.repo.repo;
+
+            // Login of the pull request author
+            const prAuthor = context.payload.pull_request.user.login;
+
+            try {
+              // Check the permission level of the PR author
+              const { data: perm } =
+                await github.rest.repos.getCollaboratorPermissionLevel({
+                  owner,
+                  repo,
+                  username: prAuthor
+                });
+
+              // If the author has write/maintain/admin rights → assign them to the PR
+              if (["write", "maintain", "admin"].includes(perm.permission)) {
+                await github.rest.issues.addAssignees({
+                  owner,
+                  repo,
+                  issue_number: context.payload.pull_request.number,
+                  assignees: [prAuthor]
+                });
+                console.log(`Assigned PR to ${prAuthor}`);
+              } else {
+                // If the author has insufficient rights → skip assignment
+                console.log(
+                  `Skipping assignment for ${prAuthor}: permission=${perm.permission}`
+                );
+              }
+            } catch (error) {
+              // If the author is not a collaborator (e.g., PR from a fork) → skip without failing
+              console.log(
+                `Skipping assignment for ${prAuthor}: not a collaborator`
+              );
+            }

.gitignore

@@ -17,6 +17,7 @@ rest_api/.clickhouse
 **/.pytest_cache/
 **/.ruff_cache/
 # Build files
+**/build
 **/dist
 **/*egg-info/
 **/*.tar.gz
@@ -33,14 +34,6 @@ ngui/*/storybook
 ngui/server/package-lock.json
 ngui/ui/package-lock.json
 
-# ffc_ngui
-ffc_ngui/server/.env
-ffc_ngui/ui/.env
-ffc_ngui/*/node_modules
-ffc_ngui/*/build/
-ffc_ngui/*/dist/
-ffc_ngui/*/storybook
-
 **/npm-debug.log*
 **/yarn-debug.log*
 **/yarn-error.log*
@@ -59,3 +52,7 @@ jira_ui/*/build/
 /e2etests/.cache/
 /e2etests/.cache/*
 /e2etests/tests/downloads/*
+
+
+# Vagrant
+optscale-deploy/.vagrant/

README.md

@@ -2,12 +2,15 @@
 ⭐ Drop a star to support OptScale ⭐
 </p>
 
-# FinOps and cloud cost management platform to run any cloud workload with optimal performance and cost
+# Open-Source FinOps & Cloud Cost Optimization Platform
 
 <p align="center">
 <a href="documentation/images/cover-GitHub.png"><img src="documentation/images/FinOps-platform.png" width="40%" align="middle"></a>
 </p>
-OptScale is an open source FinOps platform that optimizes cloud costs and performance for any workload, providing effective cloud cost management for all types of organizations.
+
+<br>OptScale is an open-source  [FinOps and cloud cost optimization platform](https://hystax.com/optscale/finops-overview/) that helps engineering and finance teams control and reduce spend across AWS, Microsoft Azure, GCP, Alibaba Cloud, and Kubernetes clusters.
+It provides deep visibility into infrastructure costs, automated optimization recommendations, and governance tools for R&D and data platforms.
+
 <br>
 <br>
 <p align="center">
@@ -29,21 +32,56 @@ OptScale is an open source FinOps platform that optimizes cloud costs and perfor
 ![Average cloud cost savings](https://img.shields.io/badge/Average_cloud_cost_savings-38%25-yellow)
 
 </div>
+
+<br>
+
+<div>
+<br>  
+  <img src="documentation/images/Max_Kuzkin.png" width="80" align="left" style="border-radius: 50%; margin-right: 15px">
+  <i>
+    “Hystax OptScale has been a game-changer for our FinOps practice. Its powerful capabilities, flexibility, and seamless integration have empowered us to deliver unprecedented transparency, control, and cost optimization for our clients. We truly value our partnership with Hystax and are excited to innovate further together.”
+  </i>
+  <div align="right">
+    <i><b>Max Kuzkin</b>, General Manager, SoftwareOne Platform</i>
+  </div>
+</div>
+
+<br>
+
 <br>
 
-## OptScale FinOps and cloud cost optimization capabilities
+## Overview
+OptScale connects to your cloud accounts and Kubernetes clusters, ingests billing and usage data, and analyzes infrastructure consumption to surface actionable insights that eliminate waste and optimize resource usage.
+It supports multi-cloud environments and integrates with popular data platforms, including Databricks, Amazon S3, and Amazon Redshift.
+
+<br>
+
+## Key Features
+### Cost optimization
+<li>Unused and idle resource detection for VMs, volumes, databases, and other cloud resources</li>
+<li>Rightsizing recommendations for overprovisioned instances and workloads</li>
+<li>R&D resource power management to automatically stop non-production environments outside working hours</li>
+<li>Commitment utilization analysis for Reserved Instances, Savings Plans, and Spot Instances</li>
+
+
+### FinOps and governance
+<li>FinOps dashboards for engineering, finance, and product teams to track and allocate cloud spend</li>
+<li>Budgeting and alerting for cost anomalies, spikes, and budget overruns</li>
+<li>Tagging and ownership visibility to attribute costs to teams, projects, and environments</li>
+<li>Policy-driven governance and automation controls</li>
+
+
+### Data and AI/ML workloads
+<li>Databricks cost analytics with detailed visibility into cluster usage and idle time</li>
+<li>S3 and object storage optimization (lifecycle, unused buckets, storage class recommendations)</li>
+
+
+### Kubernetes and multi‑cloud
+<li>Kubernetes cluster cost allocation per namespace, workload, and label with workload-level visibility</li>
+<li>Multi-cloud support for AWS, Microsoft Azure, Google Cloud, and Alibaba Cloud from a single OptScale instance</li>
 
-<li>Optimal utilization of Reserved Instances, Savings Plans, and Spot Instances</li>
-<li>Unused resource detection</li>
-<li>R&D resource power management and rightsizing</li>
-<li>S3 duplicate object finder</li>
-<li>Resource bottleneck identification</li>
-<li>Optimal instance type and family selection</li>
-<li>Databricks support</li>
-<li>S3 and Redshift instrumentation</li>
-<li>VM Power Schedules</li>
+<br><br>Learn more about [OptScale features for FinOps and multi-cloud cost management](https://hystax.com/optscale/finops-capabilities-and-benefits/).
 
-  
 <br>You can check OptScale [live demo](https://my.optscale.com/live-demo) to explore product features on a pre-generated demo organization.
 <br>Learn more about the Hystax OptScale platform and its capabilities at [our website](https://hystax.com).
 
@@ -83,7 +121,7 @@ NVMe SSD is recommended.
 
 **OS Required**: [Ubuntu 24.04](https://releases.ubuntu.com/noble/).
 
-_The current installation process should work also on Ubuntu 22.04_
+_The current installation process should also work on Ubuntu 22.04_
 
 #### Updating old installation
 please follow [this document](documentation/update_to_24.04.md) to upgrade your existing installation on Ubuntu 20.04.

build.sh

@@ -110,6 +110,12 @@ do
     else
       echo "Building image for ${COMPONENT}, build tag: ${BUILD_TAG}"
       $BUILD_TOOL build $FLAGS -t ${COMPONENT}:${BUILD_TAG} -f ${DOCKERFILE} .
+      
+      # If the build fails, exit with the same status code as the build command
+      build_status_code="$?"
+      if [ "$build_status_code" -gt 0 ]; then
+        exit $build_status_code
+      fi
     fi
 
     if use_registry; then

bumiworker/bumiworker/modules/archive/instance_subscription.py

@@ -27,12 +27,13 @@ def __init__(self, *args, **kwargs):
     def supported_cloud_types(self):
         return SUPPORTED_CLOUD_TYPES
 
-    def _has_discounts(self, raw_info):
+    @staticmethod
+    def _has_discounts(raw_info):
         if raw_info.get('cost') == 0:
             # savings plan applied
             return True
         for key in ['coupons_discount', 'resource_package_discount']:
-            if key in raw_info and float(raw_info[key]):
+            if key in raw_info and float(raw_info[key] or 0):
                 return True
 
     def _get(self, previous_options, optimizations, cloud_accounts_map,

docker_images/cleanelkdb/clean-elk-db.sh

@@ -22,7 +22,8 @@ remove_line_from_filebeat() {
 
 remove_index_from_elk() {
 	echo "DELETING "$2" INDEX FROM ELK"
-	curl -s -X DELETE $1':'$ELK_PORT'/'$2
+	encoded_index=$(jq -rn --arg index "$2" '$index|@uri')
+	curl -s -X DELETE $1':'$ELK_PORT'/'$encoded_index
 }
 
 m_total_log_size=$(get_size_of_logs $ELK_IP)
@@ -34,12 +35,11 @@ fi
 
 echo "SIZE OF LOGS BIGGER "$LOG_SIZE_MAX"Mb -> START TO REMOVE LOGS"
 curl -s -X GET "$ELK_IP:$ELK_PORT/_cat/indices?v" > curl_test.txt
-cat curl_test.txt | awk '/filebeat/ { print $3 }' | sort --reverse > filebeat.txt
+grep -oE '(%{[^}]+}|[a-zA-Z_]+)-[0-9]{4}\.[0-9]{2}\.[0-9]{2}' curl_test.txt | sort -t '-' -k2,2 > filebeat.txt
 
 while [ $m_total_log_size -gt $LOG_SIZE_MAX ]; do
 	m_filebeat=$(tail -n -1 filebeat.txt)
 	filebeat_date=$(echo $m_filebeat | awk -F '-' '{ print $2 }')
-
 	if [ "$m_filebeat" = "" ] ; then
 		break
 	else

docker_images/common/install-peer-finder.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+# TODO: Instead of this script we should use multi stage docker builds
+#       but this is good enough until we get arround to it
+#       Or even better -- see if we need this tool at all or if there is a better
+#       way to install it (e.g. via a package manager)
+
+set -x
+
+arch="$(uname -m)"
+dest_bin_path="/usr/local/bin/peer-finder"
+
+apt-get update
+apt-get install -y --no-install-recommends openssl ca-certificates wget
+rm -rf /var/lib/apt/lists/*
+
+if [[ "$arch" == "x86_64" || "$arch" == "amd64" ]]; then
+    wget -O $dest_bin_path https://storage.googleapis.com/kubernetes-release/pets/peer-finder
+elif [[ "$arch" == "aarch64" || "$arch" == "arm64" ]]; then
+    wget https://github.com/kmodules/peer-finder/releases/download/v1.0.2/peer-finder-linux-arm64.tar.gz \
+        -O /tmp/peer-finder-linux-arm64.tar.gz
+    tar -xzf /tmp/peer-finder-linux-arm64.tar.gz -C /tmp
+    mv /tmp/peer-finder-linux-arm64 $dest_bin_path
+else
+    echo "Unsupported architecture: $arch"
+    exit 1
+fi
+
+chmod +x $dest_bin_path
+apt-get purge -y --auto-remove ca-certificates wget
+

docker_images/error_pages/Dockerfile

@@ -1,3 +1,10 @@
-FROM ingressnginx/custom-error-pages:v1.2.0
+# TODO: The base image doesn't support arm64 yet but shouldn't be too hard to change that,
+# though it will require a change in the `kubernetes/ingress-nginx` repo.
+# References:
+#   * Base image's Dockerfile: https://github.com/kubernetes/ingress-nginx/blob/main/images/custom-error-pages/rootfs/Dockerfile
+#   * Relevant issue on GitHub: https://github.com/kubernetes/ingress-nginx/issues/10245
+
+ARG arch=amd64
+FROM --platform="linux/${arch}" ingressnginx/custom-error-pages:v1.2.0
 
 COPY docker_images/error_pages/www /www

docker_images/etcd/Dockerfile

@@ -1,7 +1,18 @@
-FROM gcr.io/etcd-development/etcd:v3.2.13
-RUN apk update
-# https://github.com/Yelp/dumb-init/issues/73#issuecomment-240439732
-RUN apk add ca-certificates wget && update-ca-certificates
-RUN apk --no-cache add curl
-RUN wget $(curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/nexusriot/etcd-walker/releases/tags/0.0.11 | grep -Eo 'https://(.*linux_x64_static)') -O /bin/etcd-walker
+# etcd is a distroless image starting from v3.5, meaning we don't have access to a shell or package manager.
+# this is why we use multi-stage builds to build and copy the binary into the final image.
+# ref: https://github.com/GoogleContainerTools/distroless?tab=readme-ov-file#docker
+
+FROM golang:1.24.6 AS build-etcd-walker
+
+RUN git clone https://github.com/nexusriot/etcd-walker/ /tmp/etcd-walker-src
+
+WORKDIR /tmp/etcd-walker-src
+RUN git checkout 0.2.1
+RUN go build -ldflags "-linkmode external -extldflags -static" -o etcd-walker cmd/etcd-walker/main.go
+
+RUN mv etcd-walker /bin/etcd-walker
 RUN chmod +x /bin/etcd-walker
+
+# NOTE: v3.6+ require significant changes as they removed support for the V2 API, see https://etcd.io/docs/v3.6/upgrades/upgrade_3_6/
+FROM gcr.io/etcd-development/etcd:v3.2.13
+COPY --from=build-etcd-walker /bin/etcd-walker /bin/etcd-walker